Introducing CloudABI

What is CloudABI?

CloudABI is a runtime environment for UNIX-like operating systems.
Applications built for CloudABI differ from traditional UNIX-like
applications in that they do not make use of command-line arguments
and environment variables. Instead, they can be launched through a
utility called cloudabi-run, which can read configuration options
provided in YAML:

These resources are acquired by cloudabi-run and can be extracted by
the application as file descriptors, meaning program startup can be
simplified.

Direct access to global namespaces is absent from CloudABI entirely,
meaning applications cannot open files or connect to systems on the
network arbitrarily. In effect, resources specified in the YAML file
(and ones derived from them) are the only ones CloudABI applications can
use to interact with the outside world. There is no need to design a
separate security policy.
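
The launch model described above, modelled on an ordinary POSIX system as an added example (this is not CloudABI code and is not from the original page): a launcher turns a configuration into open descriptors, and the application reaches files only through them. The `file` and `directory` keys and all function names are hypothetical and do not reproduce cloudabi-run's YAML schema.

```python
import os
import tempfile

def acquire(config):
    """Launcher side: swap each resource description for an open descriptor."""
    res = {}
    for name, spec in config.items():
        if isinstance(spec, dict) and "file" in spec:
            flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT
            res[name] = os.open(spec["file"], flags, 0o600)
        elif isinstance(spec, dict) and "directory" in spec:
            res[name] = os.open(spec["directory"], os.O_RDONLY | os.O_DIRECTORY)
        else:
            res[name] = spec  # plain setting, passed through unchanged
    return res

def open_beneath(dir_fd, relpath):
    """Derive a descriptor from a granted directory descriptor.

    An absolute path would make os.open() ignore dir_fd, and ".." would
    climb out of it, so both are refused. This is a user-space model only:
    a symlink in an intermediate component could still escape it.
    """
    if relpath.startswith("/") or ".." in relpath.split("/"):
        raise PermissionError(f"outside granted directory: {relpath!r}")
    return os.open(relpath, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)

def app_main(res, request_path):
    """Application side: touches only the descriptors it was handed."""
    try:
        fd = open_beneath(res["rootdir"], request_path)
    except OSError:  # PermissionError and FileNotFoundError included
        os.write(res["logfile"], f"FAIL {request_path}\n".encode())
        return None
    with os.fdopen(fd, "rb") as f:
        body = f.read()
    os.write(res["logfile"], f"OK {request_path}\n".encode())
    return body

if __name__ == "__main__":
    # Constructed sample layout and configuration, not taken from the page.
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "www"))
    with open(os.path.join(base, "www", "index.html"), "w") as f:
        f.write("hello")
    res = acquire({"hostname": "example.test",
                   "logfile": {"file": os.path.join(base, "access.log")},
                   "rootdir": {"directory": os.path.join(base, "www")}})
    print(app_main(res, "index.html"), app_main(res, "../access.log"))
```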

The idea behind CloudABI is that we want to work towards a landscape in
which applications are strongly sandboxed, testable and reusable by
default. It brings the concept of dependency injection to full-size UNIX
applications by making use of capability-based security. The goal is to
make sandboxing clean and simple, as opposed to being an obstacle.

Using CloudABI

I want to write CloudABI applications in…

It is possible to write software for CloudABI in a number of languages.
The articles linked below explain how you can get started with
developing software in your language of choice.

If your favorite language is not listed, it means we’re still looking
for volunteers to help us add support!

I want to run CloudABI applications on…

By formally defining CloudABI’s system call interface and making the
runtime friendly towards embedding, it is possible to run CloudABI
executables on multiple operating systems without modification. For
example, a CloudABI application compiled on macOS can be run on FreeBSD
and Linux as well.

The following articles explain how cloudabi-run can be set up on your
operating system of choice.

If your favorite operating system is not listed, it means we’re still
looking for volunteers to help us port CloudABI to that system! Use of
CloudABI as part of experimental operating systems research is also
encouraged.

Projects under the CloudABI umbrella

CloudABI
Specification of the system call layer that CloudABI applications use
to interact with the operating system. This specification is
automatically converted into documentation and language bindings.

cloudlibc
Standard C library for CloudABI that implements a large part of C11
and POSIX 2008. All features that are incompatible with CloudABI’s
security model have been removed, making it easy to determine which
parts of software need to be adjusted to work well with sandboxing.

Flower
A networking daemon that can facilitate network connections between
CloudABI (and non-CloudABI) applications. Just like CloudABI itself,
it uses a capability-like security model for binding and connecting.

The CloudABI project needs your help!

Though a lot has already been achieved since the CloudABI project was
founded (2015), the project needs a larger group of both users and
developers to flourish. Are you interested in helping out? Get in touch!
Non-technical contributions to the project (e.g., promotion, design,
documentation) are appreciated as well!

CloudABI consists entirely of Free/Open Source Software (FOSS). All of
the source code developed as part of the project is released on
GitHub under a two-clause BSD license.